some package file download link need "referer: " header to correctly download the files. e.g: https://drivers.pantum.cn/userfiles/files/download/drive/1820/Pantum%20Ubuntu%20Driver%20V1_1_100-1.zip need curl command flag "--referer https://www.pantum.cn/support/download/driver/" to currectly donwload this file.
This is a corner case and I don't think there's a point in adding the complexity (especially that it can't be added without breaking backwards compatibility with PORTAGE_FETCHCOMMAND). Furthermore, given that upstream deliberately blocks the download, it is legally dubious whether we should officially work around that. In the end, if we do they might just use a more sophisticated method of blocking direct downloads.
Our current approach would be to set RESTRICT=fetch for these packages, since the Referer header requirement indicates a lack of permission.
The package manager would have to send a forged referrer header. Pretty sure that this would violate the HTTP standard.
It also, as mgorny suggests, would then get us into an arms race. While I _do_ think we should sometimes allow things in PMS that we wouldn't want in ::gentoo, I don't think this is one of those times. Way too brittle.
I generally oppose this on the grounds that what you really want is to be able to define your own arbitrary src_fetch function containing handwritten download logic. There's a lot of use cases for this, independent of whether ::gentoo would have a tree policy banning it. For example, you could fill out a webform and post it in order to get redirected to a one-time download link that is only available after you give your real name, company, and email address and sign up for a newsletter and possibly write a short paragraph describing what your interest in the software is. Implementing anything that is overly specific to referer feels wrong.
